a5a0b9c020d92826c7ef2d4976fdfa676ba73b08b1ac4c8846abfa9114e7aa26

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
05-03-2024 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5623f86f4a4e960316117f40267b413.exe
Size

5.8MB
MD5

b5623f86f4a4e960316117f40267b413
SHA1

ebc81aeaffd072457266a5256d78ced46abfc2de
SHA256

a5a0b9c020d92826c7ef2d4976fdfa676ba73b08b1ac4c8846abfa9114e7aa26
SHA512

f12681fb4e0cfba575a4fd47dbd7eac7b9f327fbbea5f407e33796de36ca6950ee3733474c77383fc4a03de73892ff3ee16ce902c2897ad74399ae88b32af86a
SSDEEP

98304:ecYy1sV/X2f/uhgaEMsGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEIm:ZYy1sV/2HnaEMiGhRaaCkN9qHGhRa

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2084	b5623f86f4a4e960316117f40267b413.exe

Executes dropped EXE 1 IoCs

pid	Process
2084	b5623f86f4a4e960316117f40267b413.exe

Loads dropped DLL 1 IoCs

pid	Process
2824	b5623f86f4a4e960316117f40267b413.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2824-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00080000000122bf-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2824	b5623f86f4a4e960316117f40267b413.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2824	b5623f86f4a4e960316117f40267b413.exe
2084	b5623f86f4a4e960316117f40267b413.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2084	2824	b5623f86f4a4e960316117f40267b413.exe	28
PID 2824 wrote to memory of 2084	2824	b5623f86f4a4e960316117f40267b413.exe	28
PID 2824 wrote to memory of 2084	2824	b5623f86f4a4e960316117f40267b413.exe	28
PID 2824 wrote to memory of 2084	2824	b5623f86f4a4e960316117f40267b413.exe	28

C:\Users\Admin\AppData\Local\Temp\b5623f86f4a4e960316117f40267b413.exe
"C:\Users\Admin\AppData\Local\Temp\b5623f86f4a4e960316117f40267b413.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Users\Admin\AppData\Local\Temp\b5623f86f4a4e960316117f40267b413.exe
  C:\Users\Admin\AppData\Local\Temp\b5623f86f4a4e960316117f40267b413.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\b5623f86f4a4e960316117f40267b413.exe

Filesize
5.8MB

MD5
25655952a691a9fed6ef5ea2b28e1ce5

SHA1
dc507499945f05b398999e855ddd1a9da3f9dd38

SHA256
1c7c31f61299e0ab2106418a4e607aef276f5a935cb0d473e9c45c61a8fbcd32

SHA512
56cf9ac1a8e6d062393469ccd59e5b357488ed8dfe266e3f5c68d371cd1633dd7128439b2411a1b4c743b01a469dd757a22554d48396b29428e3ce5b8981f395

Download Submit
memory/2084-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2084-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2084-19-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2084-21-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2084-26-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2084-33-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2824-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2824-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2824-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2824-17-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2824-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2824-32-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download